Scammers using phishing attempts are on the rise in SEA

Phishing via payment system logged the highest share for all countries in Southeast Asia, according to Kaspersky’s report.   Thailand’s highest finance-related attempt was phishing via e-shop (28.16%), followed by payment system (22.22%) and bank (5.25%).   Almost 1 in 2 phishing attempts in Thailand are finance-related transactions.

“While security systems are in place in most financial companies to protect customers from falling victims to suspicious activity, it is true that prevention is better than cure; much more can be proactively done at both individual and bank levels,” says Benjamas Chuthapiphat, country manager for Thailand at Kaspersky.

Phishing messages are normally in forms of fake notifications or links from banks, providers, e-pay systems and other companies by using social engineering to lure users.  Such notifications will promptly demand the recipients to provide or update their personal data. 

Anonymized data by Kaspersky’s voluntary users indicated that the most phishing attempts among scammers during February to April 2022 in SEA was malicious mails targeting against payment system (32.11%), followed by e-shop (10.80%) and bank (5.03%).

The Philippines experienced the highest financed related phishing attempts (68.95%), Singapore (55.67%), Thailand (55.63%), Malaysia (50.58%), Indonesia (42.81%), and Vietnam (36.12%).

According to Benjamas, the most effective way to prevent and protect the enterprise’s database and reputation is to treat the cybersecurity issue as a dynamic strategy, not a static one.    It should be constantly upgraded, updated, and improved in parallel with technology and scammers’ tactics.

Puttipong Ponglaksamana, pre-sales manager for Thailand at Kaspersky, said that key considerations in implementing successful cybersecurity plan are technologies, people, and process.  Kaspersky currently offer its Endpoint Detection and Response Optimum at 35% off to help enterprises get started with. Interested companies can visit this link to know more.

Puttipong added the use of Kaspersky's Managed Detection and Response solution can facilitate the company through a full team of cybersecurity expertise under manageable budget with accessibility to review phishing messages and ransomware.

Kaspersky experts also foresee the hackers will target the rising “Super Apps”, both infrastructure and users through social engineering attacks.  It is urged that all fintech companies to deploy a secure-by-design approach in their systems and to continuously provide proactive education for their users where phishing attacks continue to thrive.

Some tips to keep in mind for individuals to protect themselves against phishing attacks include:

• Do not respond: even prompts to reply like texting “UNSUBSCRIBE” or “STOP” can be a trick to identify active phone numbers. Attackers depend on your curiosity or anxiety over the situation at hand, but you can choose not to engage.
• Avoid using any links or contact information in the email or message: go directly to contact channels where possible. Furthermore, urgent notices can be verified directly on online accounts or via an official phone helpline.
• Look out for mistakes, typos and strange characters in the text: some threat actors really struggle with English, or some mistakes are intentionally made (such as using numbers to replace certain alphabets, eg “Bank L0an” instead of “Bank Loan”) in an attempt to bypass spam filters.
• Slow down if a message is urgent: the nature of emails and SMS are that they are often read on the go, when one is distracted or in a hurry and thus leaving one’s guard down. Approach offers as caution signs of possible phishing, remain calm and proceed carefully.
• Download an anti-malware app, which can protect against malicious apps such as Kaspersky Total Security for a safety net.